Security Bulletin

Summary

There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos TM1, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April and July 2015. Also multiple vulnerabilities were reported for OpenSSL in March 2015 that affect TM1. This bulletin also addresses LOGJAM: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. TM1 9.5.2 is only affected by the OpenSSL vulnerabilities.

Vulnerability Details

CVEID:CVE-2015-0207 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an implementation error in the DTLSv1_listen function when processing the initial ClientHello. An attacker could exploit this vulnerability to cause a segmentation fault. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101665 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-0208 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the signature verification routines. By sending an ASN.1 signature using the RSA PSS algorithm and invalid parameters, an attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101667 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-0285 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by the failure to seed the PRNG. An attacker could exploit this vulnerability using a PRNG with weak entropy to complete a handshake and generate the client random. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101673 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing limitations on request body size. By sending a specially crafted request to the server, an attacker could keep a connection open and force Tomcat to keep a processing thread allocated to the connection. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102131 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103155 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:CVE-2015-1916 DESCRIPTION: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101995 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-0204 DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is also known as the FREAK attack. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99707 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as "Logjam". CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103294 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2015-1931 DESCRIPTION: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. CVSS Base Score: 2.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102967 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

References

Related information

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.